Ejemplo n.º 1
0
    def revokeRoleFromUser(self, params):
        user_name = params[0] # TODO get user by id instead of name
        role_id = params[1]

        session_user = Session.get_current_session_user()
        if session_user.check_permission('skarphed.users.grant_revoke'):
            role = Role.get_role(role_id)
            User.get_user_by_name(user_name).revoke_role(role)
Ejemplo n.º 2
0
    def createUser(self,params):
        username = unicode(params[0])
        password = unicode(params[1])

        session_user = Session.get_current_session_user()
        if session_user.check_permission('skarphed.users.create'):
            User.create_user(username,password)
        return True
Ejemplo n.º 3
0
    def get_session(cls,cookies):
        """
        returns the session if it's not expired or nonexistant
        """
        cookie = SimpleCookie(cookies)
        session_id = cookie['session_id'].value
        
        db = Database()
        stmnt = "SELECT SES_USR_ID, SES_EXPIRES FROM SESSIONS WHERE SES_ID = ? ;"

        cur = db.query(stmnt,(session_id,))
        row = cur.fetchonemap()

        session=None

        if row is not None:
            user = User.get_user_by_id(row["SES_USR_ID"])
            session = Session(user)
            session._id = session_id
            expiration = row["SES_EXPIRES"]
            if expiration < datetime.now():
                raise SessionException(SessionException.get_msg(0))    
            session._expiration = row["SES_EXPIRES"]
        else:
            raise SessionException(SessionException.get_msg(2))
        return session
Ejemplo n.º 4
0
    def deleteUser(self, params):
        user_id = int(params[0])

        session_user = Session.get_current_session_user()
        if session_user.check_permission('skarphed.users.delete'):
            user = User.get_user_by_id(user_id)
            user.delete()
Ejemplo n.º 5
0
    def revokeRightFromUser(self,params):
        user_id = int(params[0])
        permission_name = str(params[1])

        session_user = Session.get_current_session_user()
        if session_user.check_permission('skarphed.users.grant_revoke'):
            user = User.get_user_by_id(user_id)
            user.revoke_permission(permission_name)
            return True
Ejemplo n.º 6
0
 def create_permissions_for_module(cls,module):
     """
     creates the permissions of a newly installed module
     """
     rootuser = User.get_root_user()
     module_name = module.get_name()
     permissions = module.get_permissions()
     for permission in permissions:
         new_permission = cls.create_permission(permission,module_name)
         rootuser.grant_permission(new_permission,ignore_check=True)
Ejemplo n.º 7
0
 def authenticateUser(self,params):
     username = unicode(params[0])
     password = unicode(params[1])
     
     try:
         user = User.get_user_by_name(username)
     except UserException , e:
         session = Session.get_current_session()
         if session is not None:
             session.delete()
         return False
Ejemplo n.º 8
0
    def alterPassword(self, params):
        user_id = int(params[0])
        new_password = unicode(params[1])
        old_password = unicode(params[2])

        session_user = Session.get_current_session_user()

        if user_id == session_user.get_id():
            session_user.alter_password(new_password,old_password)
        else:
            if session_user.check_permission("skarphed.users.alter_password"):
                user = User.get_user_by_id(user_id)
                user.alter_password(new_password,"",True)
        return True
Ejemplo n.º 9
0
 def update_permissions_for_module(cls,module):
     """
     updates the permissions of a module
     """
     rootuser = User.get_root_user()
     module_name = module.get_name()
     permissions = module.get_permissions()
     current = [s.replace(module_name+".","",1) for s in cls.get_permissions_for_module(module)]
     for permission in permissions:
         if permission not in current:
             new_permission = cls.create_permission(permission, module_name)
             rootuser.grant_permission(new_permission,ignore_check=True)
     for permission in current:
         if permission not in permissions:
             cls.remove_permission(permission, module_name)
Ejemplo n.º 10
0
 def get_user(self):
     """
     returns this session's user
     """
     return User.get_user_by_id(self._user)
Ejemplo n.º 11
0
 def getRolesForUserPage(self, params):
     user_name = params[0] # TODO get user by id instead of name
     user = User.get_user_by_name(user_name)
     return user.get_grantable_roles()
Ejemplo n.º 12
0
 def getRightsForUserPage(self,params):
     user_id = int(params[0])
     user = User.get_user_by_id(user_id)
     return user.get_grantable_permissions()
Ejemplo n.º 13
0
 def getUsers(self,params):
     session_user = Session.get_current_session_user()
     if session_user.check_permission('skarphed.users.view'):
         users = User.get_users_for_admin_interface()
         return users
     return False